Docker Commands

Docker Installation

Debian Stretch

curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -; apt-key adv --list-public-keys --with-fingerprint --with-colons | grep 9DC8 | cut -c 13-52 | \ grep -q -w "9DC858229FC7DD38854AE2D88D81803C0EBFCD88" && export KEY_OK=KEY_OK; if [ "$KEY_OK" = 'KEY_OK' ] then add-apt-repository \ "deb [arch=amd64] https://download.docker.com/linux/debian \ $(lsb_release -cs) \ stable" && apt-get update && apt-get install -y docker-ce; fi

Ubuntu 18.04

apt-get update && apt-get install -y docker.io

Installing Docker Compose Debian & Ubuntu

Check latest version: github.com/docker/compose/releases curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m) \ -o /usr/local/bin/docker-compose && chmod +x /usr/local/bin/docker-compose && docker-compose --version


Docker Basics

All the --link commands are legacy. Better use docker-compose and build networks for that purpose!
If you need quick and non sustainable way to network container together you can use --link.
This command will run a Web Server in a container linked to an SQL Server and launch init to keep it up:
docker run --privileged --restart always -it \ -v /local/mount/folder/path:/var/lib/mysql --link sql_server_container_name:sql_server_container_name \ -v /sys/fs/cgroup:/sys/fs/cgroup \ --name web_server_container_name -d image_name:tag /sbin/init Run a Web Server container with a shared volume, host port mapped to container port, exposing the container port to the host, in daemon mode from an image:
docker run --name webserver -v /shared/DIR/from/host:/path/in/container:ro (rw) \ -p HOST_PORT:CONTAINER_PORT -d (deamon) image_name This will run interactively an Nginx container linked to a PHP container named phpserver:
docker -it --link phpserver:phpserver nginx /bin/bash This is how is adds up:
docker -it --link ContainerName_ToLink:ContainerAlias image_name command_to_run --link < name or id >:alias The alias is the other linked container host name as present in the our nginx container /etc/hosts file.
Docker LINK hierarchy builds over a logical connection: NGINX connects to PHP which connects to MYSQL hence start MYSQL container first, then PHP and last NGINX. To keep persistent data when a container will stop, the DATA MUST BE STORED OUTSIDE THE CONTAINER: The volume for the mysql image (-v /my/own/datadir:/var/lib/mysql)

Getting into a container:
attach Attach to a running container: docker attach --sig-proxy=false CONTAINER_ID or CONTAINER_NAME permits go back into a container with the --sig-proxy=false to not kill the container when the terminal is detached OR:
docker exec -i -t CONTAINER_ID bash

Docker copy:
docker cp < containerId >:/file/path/within/container /host/path/target docker cp 25bc97fc48e3:/home/kali-user/167.99.27.137-201806190451.tar.gz \ /home/tom/Workspaces/docker/sparta/sparta-data/


Docker Command Options

build Build an image from a Dockerfile commit Create a new image from a container's changes |_ docker commit CONTAINER_ID |_ docker tag NEW_IMAGE_ID NEW_IMAGE_NAME:NEW_IMAGE_TAG_(VERSION) cp Copy files/folders from a container's filesystem to the host path create Create a new container diff Inspect changes on a container's filesystem events Get real time events from the server exec Run a command in an existing container export Stream the contents of a container as a tar archive history Show the history of an image images List images | see image library with "docker images" import Create a new filesystem image from the contents of a tarball info Display system-wide information inspect Return low-level information on a container kill Kill a running container load Load an image from a tar archive login Register or log in to a Docker registry server logout Log out from a Docker registry server logs Fetch the logs of a container port Lookup the public-facing port that is NAT-ed to PRIVATE_PORT pause Pause all processes within a container ps List containers or all ever ran --all pull Pull an image or a repository from a Docker registry server push Push an image or a repository to a Docker registry server restart Restart a running container rm Remove one or more containers rmi Remove one or more images | docker rmi -f ou --force run Run a command in a new container | \ -d as deamon -p HOST_PORT:CONTAINER_PORT expose ports | -ti t to emulate a TTY term and i to retreive it -v to mount a FS save Save an image to a tar archive search Search for an image on the Docker Hub start Start a stopped container stop Stop a running container tag Tag an image into a repository top Lookup the running processes of a container unpause Unpause a paused container version Show the Docker version information wait Block until a container stops, then print its exit code

Common docker usages

Tag an image locally and on a repository:
docker tag local-image:tagname new-repo:tagname Then push the image to the repository
docker push new-repo:tagname NB: You'll need to get your API Key or to be logged in.
Docker Tag / Docker push to repository: https://stackoverflow.com/questions/41984399/denied-requested-access-to-the-resource-is-denied-docker
curl -u your_docker_user_name:apikey https://cloud.docker.com/api/app/v1/service/ docker push your_docker_user_name/remote-images:tagname Get an official Debian && connect into it:
docker pull debian && docker run -it debian /bin/bash A container launched with -d can be accessed to see what's happening into the it with -ti --sig-proxy=false
An example of a "complex" docker command launching an SQL Server with persistent data store and database user configuration (insecure)
docker run --name sqlsrv3 -v /mnt/databases:/var/lib/mysql \ -e MYSQL_ROOT_PASSWORD=root_password -e MYSQL_DATABASE=db-sql -e MYSQL_USER=db_user \ -e MYSQL_PASSWORD=db_user_password -d mysql:latest One liner to stop / remove all of Docker containers:
docker stop $(docker ps -a -q) docker rm $(docker ps -a -q)

Post Install for a Minimal Debian Container

apt-get update && apt-get upgrade -y && apt-get install -y curl wget gzip \ unzip vim vim-common vim-runtime htop sysstat net-tools Or, basics needed in new docker container:
apt-get install -y curl gzip bzip2 unzip curl wget htop sysstat \ apt-transport-https software-properties-common apt-utils gnupg2 nano;


docker-compose

Docker-compose RAW YAML example files for download: docker-compose.yml, docker-compose-2.yml. Below is a docker-compose.yml file as a fully working example:
version: '3' services: web: image: nginx:latest restart: always ports: - "80:80" - "443:443" volumes: - ./nginx.conf/nginx.conf:/etc/nginx/nginx.conf - ./html:/html - ./site.conf:/etc/nginx/sites-enabled - ./certs:/certs - ./logs:/var/log/nginx - ./mime.types/mime.types:/etc/nginx/mime.types networks: - lemp-network php: image: php:fpm restart: always volumes: - ./html:/html - ./php-log.conf:/usr/local/etc/php-fpm.d/zz-log.conf networks: - lemp-network db: image: mariadb:latest restart: always ports: - "3306:3306" volumes: - ./db-data:/var/lib/mysql environment: - MYSQL_ROOT_PASSWORD=test networks: - lemp-network phpmyadmin: image: phpmyadmin/phpmyadmin:latest restart: always ports: - "8080:443" volumes: - ./pma.conf/nginx.conf:/etc/nginx.conf - ./pma.conf/htpasswd:/htpasswd - ./logs:/var/log/nginx - ./certs:/certs environment: - MYSQL_USERNAME:root - MYSQL_ROOT_PASSWORD:test - PMA_HOST:db networks: - lemp-network networks: lemp-network: driver: bridge

Intallation:

sudo curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m) \ -o /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose


Dockerfile

Below are two examples of a fully working, yet complex Dockerfiles with data persistence, database or graphical user interface export from the container.
The RAW Dockerfile can be downloaded as an example.


Dockerfile example using Kali Linux to run Sparta with GUI export:

FROM kalilinux/kali-linux-docker:latest RUN apt-get update && apt-get upgrade -y RUN apt-get install -y iftop iptraf net-tools curl gzip bzip2 unzip RUN apt-get install -y libxext-dev libxrender-dev libxtst-dev libqtwebkit4 libqt4-dev RUN apt-get install -y python-elixir ldap-utils rwho rsh-client x11-apps finger python-pyside.qtwebkit python-qt4 RUN apt-get install -y hydra cutycapt nmap RUN apt-get install -y sudo RUN export uid=1000 gid=1000 RUN mkdir -p /home/kali-user RUN echo "kali-user:x:${uid}:${gid}:kali-user,,,:/home/kali-user:/bin/bash" >> /etc/passwd RUN echo "kali-user:x:${uid}:" >> /etc/group RUN echo "kali-user ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers RUN chmod 0440 /etc/sudoers RUN chown ${uid}:${gid} -R /home/kali-user USER kali-user ENV home /home/kali-user ADD bashrc /home/kali-user/.bashrc ADD bashrc /root/.bashrc ADD sparta-data /usr/share/sparta ADD sparta-beta-1.0.3 /opt/sparta-beta-1.0.3 ADD sparta-beta-1.0.3/app/auxiliary.py /usr/share/sparta/app/auxiliary.py RUN chown ${uid}:${gid} -R /opt/sparta-beta-1.0.3 CMD /opt/sparta-beta-1.0.3/sparta

Dockerfile example using Kali Linux to run Metasploit Framework with a database:

FROM kalilinux/kali-linux-docker:latest RUN apt-get update && apt-get upgrade -y RUN apt-get install -y libxext-dev libxrender-dev libxtst-dev bmon iftop iptraf nethogs net-tools nmap \ wireshark htop curl apt-transport-https apt-utils strace sysstat ca-certificates gnupg2 \ software-properties-common gzip bzip2 whois dnsutils rblcheck unzip vim vim-common vim-runtime httrack \ python2.7-minimal python3 python-pip pexpect pycrypto requests pyopenssl pefile impacket impacket qrcode \ pillow libxext-dev libxrender-dev libxtst-dev python-elixir ldap-utils rwho rsh-client x11-apps finger \ python-pyside.qtwebkit python-qt4 hydra nmap libapache2-mod-php python-pefile python-pexpect \ python-ptyprocess metasploit-framework setoolkit armitage kali-linux-web kali-linux-top10 man-db exploitdb RUN export uid=1000 gid=1000 RUN mkdir -p /home/kali-user RUN echo "kali-user:x:${uid}:${gid}:kali-user,,,:/home/kali-user:/bin/bash" >> /etc/passwd RUN echo "kali-user:x:${uid}:" >> /etc/group RUN echo "kali-user ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers RUN chmod 0440 /etc/sudoers RUN chown ${uid}:${gid} -R /home/kali-user USER kali-user ENV home /home/kali-user ADD data /data ADD root /root ADD database.yml /usr/share/metasploit-framework/config/database.yml ADD postgresql /var/lib/postgresql ADD services.sh /services.sh CMD sh - /services.sh; /bin/bash
My Commands & Shorcuts

sudo docker cp 6f69511443c5:/var/lib/postgresql/10 \ $HOME/docker/armitage/postgresql sudo docker cp 6f69511443c5:/usr/share/metasploit-framework/config/database.yml \ $HOME/Workspaces/docker/armitage/database.yml docker run -ti --rm -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix \ --mount type=bind,src=/path/to/docker/folders/home/kali-user,dst=/home/kali-user \ $IMAGE_NAME:IMAGE_TAG docker run -ti --rm -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix \ --mount type=bind,src=$HOME/Workspaces/docker/armitage/root,dst=/root \ --mount type=bind,src=$HOME/Workspaces/docker/armitage/armitage-data,dst=/usr/share/armitage \ --mount type=bind,src=$HOME/Workspaces/docker/armitage/home/kali-user,dst=/home/kali-user \ --mount type=bind,src=$HOME/Workspaces/docker/armitage/postgresql,dst=/var/lib/postgresql \ armitage:latest docker run -ti -rm -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix \ --mount type=bind,src=$HOME/Workspaces/docker/maltego/root,dst=/root \ --mount type=bind,src=$HOME/Workspaces/docker/maltego/home/kali-user,dst=/home/kali-user \ simonthomas/maltego:latest --mount type=bind,src=$HOME/Workspaces/docker/cloudtools/data,dst=/root/data docker run -ti -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix \ --mount type=bind,src=$HOME/Workspaces/docker/kali-linux-web-assessment/root,dst=/root \ --mount type=bind,src=$HOME/Workspaces/docker/kali-linux-web-assessment/bashrc,dst=/root/.bashrc \ --mount type=bind,src=$HOME/Workspaces/docker/kali-linux-web-assessment/data,dst=/data \ --mount type=bind,src=$HOME/Workspaces/docker/kali-linux-web-assessment/home/kali-user,dst=/home/kali-user \ --mount type=bind,src=$HOME/Workspaces/docker/kali-linux-web-assessment/postgresql,dst=/var/lib/postgresql \ simonthomas/kali-linux-web-assessment:latest export SEP="-------------------------------------------------" alias full-docker-list='docker ps && echo $SEP && docker ps --all && echo $SEP && docker images'